import libxcrypt-4.1.1-4.el8
This commit is contained in:
commit
6113b63613
1
.gitignore
vendored
Normal file
1
.gitignore
vendored
Normal file
@ -0,0 +1 @@
|
||||
SOURCES/libxcrypt-4.1.1.tar.gz
|
1
.libxcrypt.metadata
Normal file
1
.libxcrypt.metadata
Normal file
@ -0,0 +1 @@
|
||||
12f53bf48f4c08a5b650537e1e236495d39e5a81 SOURCES/libxcrypt-4.1.1.tar.gz
|
67
SOURCES/libxcrypt-rh1612157.patch
Normal file
67
SOURCES/libxcrypt-rh1612157.patch
Normal file
@ -0,0 +1,67 @@
|
||||
commit cc1806e214b89403152c2c53932d8d0b8aeb1e91
|
||||
Author: Björn Esser <besser82@fedoraproject.org>
|
||||
Date: Sat Aug 4 13:02:03 2018 +0200
|
||||
|
||||
Add alias man-pages for other crypt functions.
|
||||
|
||||
diff --git a/Makefile.am b/Makefile.am
|
||||
index 201dea53313e7054..1ea36121d085b55d 100644
|
||||
--- a/Makefile.am
|
||||
+++ b/Makefile.am
|
||||
@@ -15,7 +15,8 @@ EXTRA_DIST = \
|
||||
gen-map.awk gen-vers.awk gen-crypt-h.awk \
|
||||
gen-hashes.awk sel-hashes.awk hashes.lst
|
||||
|
||||
-notrans_dist_man3_MANS = crypt_rn.3 crypt_gensalt.3
|
||||
+notrans_dist_man3_MANS = crypt.3 crypt_r.3 crypt_ra.3 \
|
||||
+ crypt_rn.3 crypt_gensalt.3
|
||||
notrans_dist_man5_MANS = crypt.5
|
||||
|
||||
nodist_include_HEADERS = crypt.h
|
||||
diff --git a/crypt.3 b/crypt.3
|
||||
new file mode 100644
|
||||
index 0000000000000000..430e48f320d6e8af
|
||||
--- /dev/null
|
||||
+++ b/crypt.3
|
||||
@@ -0,0 +1 @@
|
||||
+.so man3/crypt_rn.3
|
||||
diff --git a/crypt.5 b/crypt.5
|
||||
index 5db9c923cbd66e55..7fe46091f192b114 100644
|
||||
--- a/crypt.5
|
||||
+++ b/crypt.5
|
||||
@@ -279,6 +279,8 @@ that will work on an old operating system that supports nothing else.
|
||||
.hash "$3$" "\e$3\e$\e$[0-9a-f]{32}" unlimited 8 256 256 0 1
|
||||
.SH SEE ALSO
|
||||
.BR crypt (3),
|
||||
+.BR crypt_r (3),
|
||||
+.BR crypt_ra (3),
|
||||
.BR crypt_rn (3),
|
||||
.BR crypt_gensalt (3),
|
||||
.BR getpwent (3),
|
||||
diff --git a/crypt_gensalt.3 b/crypt_gensalt.3
|
||||
index ebfff28db79a3c53..31097400e5cd2080 100644
|
||||
--- a/crypt_gensalt.3
|
||||
+++ b/crypt_gensalt.3
|
||||
@@ -223,6 +223,8 @@ T} Thread safety MT-Safe
|
||||
.SH SEE ALSO
|
||||
.ad l
|
||||
.BR crypt (3),
|
||||
+.BR crypt_r (3),
|
||||
+.BR crypt_ra (3),
|
||||
.BR crypt_rn (3),
|
||||
.BR getpass (3),
|
||||
.BR getpwent (3),
|
||||
diff --git a/crypt_r.3 b/crypt_r.3
|
||||
new file mode 100644
|
||||
index 0000000000000000..430e48f320d6e8af
|
||||
--- /dev/null
|
||||
+++ b/crypt_r.3
|
||||
@@ -0,0 +1 @@
|
||||
+.so man3/crypt_rn.3
|
||||
diff --git a/crypt_ra.3 b/crypt_ra.3
|
||||
new file mode 100644
|
||||
index 0000000000000000..430e48f320d6e8af
|
||||
--- /dev/null
|
||||
+++ b/crypt_ra.3
|
||||
@@ -0,0 +1 @@
|
||||
+.so man3/crypt_rn.3
|
320
SOURCES/libxcrypt-rh1613537.patch
Normal file
320
SOURCES/libxcrypt-rh1613537.patch
Normal file
@ -0,0 +1,320 @@
|
||||
commit 8596e298f761c32cecff45424f5242cd14269292
|
||||
Author: Zack Weinberg <zackw@panix.com>
|
||||
Date: Tue Aug 7 21:35:12 2018 -0400
|
||||
|
||||
Add configure option --disable-failure-tokens.
|
||||
|
||||
When this option is given, crypt and crypt_r will return NULL on
|
||||
failure, instead of a special "failure token" string that isn't the
|
||||
hash of any passphrase. This was the historical behavior of glibc,
|
||||
FreeBSD libc, and several other implementations.
|
||||
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index a22a5926bd82f729..23651f9c5c886107 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -152,6 +152,25 @@ AC_CHECK_FUNCS_ONCE([
|
||||
])
|
||||
|
||||
# Configure options.
|
||||
+AC_ARG_ENABLE([failure-tokens],
|
||||
+ AS_HELP_STRING(
|
||||
+ [--disable-failure-tokens],
|
||||
+ [Make crypt and crypt_r return NULL on failure, instead of a
|
||||
+ special "failure token" string that isn't the hash of any
|
||||
+ passphrase. This matches the behavior of several other
|
||||
+ crypt implementations, but will break programs that assume these
|
||||
+ functions never return NULL. crypt_rn and crypt_ra are not affected
|
||||
+ by this option, and will always return NULL on failure.]
|
||||
+ ),
|
||||
+ [case "$enableval" in
|
||||
+ yes) enable_failure_tokens=1;;
|
||||
+ no) enable_failure_tokens=0;;
|
||||
+ *) AC_MSG_ERROR([bad value ${enableval} for --enable-failure-tokens]);;
|
||||
+ esac],
|
||||
+ [enable_failure_tokens=1])
|
||||
+AC_DEFINE_UNQUOTED([ENABLE_FAILURE_TOKENS], [$enable_failure_tokens],
|
||||
+ [Define to 1 if crypt and crypt_r should return a "failure token" on
|
||||
+ failure, or 0 if they should return NULL.])
|
||||
|
||||
AC_ARG_ENABLE([obsolete-api],
|
||||
AS_HELP_STRING(
|
||||
diff --git a/crypt.c b/crypt.c
|
||||
index 9a3e19214e613097..839763afad14eaa9 100644
|
||||
--- a/crypt.c
|
||||
+++ b/crypt.c
|
||||
@@ -235,7 +235,11 @@ crypt_r (const char *phrase, const char *setting, struct crypt_data *data)
|
||||
{
|
||||
make_failure_token (setting, data->output, sizeof data->output);
|
||||
do_crypt (phrase, setting, data);
|
||||
+#if ENABLE_FAILURE_TOKENS
|
||||
return data->output;
|
||||
+#else
|
||||
+ return data->output[0] == '*' ? 0 : data->output;
|
||||
+#endif
|
||||
}
|
||||
SYMVER_crypt_r;
|
||||
#endif
|
||||
diff --git a/crypt_rn.3 b/crypt_rn.3
|
||||
index 24da44cfce19716b..d021c4ed4a046e04 100644
|
||||
--- a/crypt_rn.3
|
||||
+++ b/crypt_rn.3
|
||||
@@ -204,17 +204,31 @@ multiple threads simultaneously, as long as a separate
|
||||
object is used for each thread.
|
||||
.PP
|
||||
Upon error,
|
||||
-.B crypt
|
||||
-and
|
||||
-.B crypt_r
|
||||
-return a pointer to an
|
||||
+.BR crypt_r ", " crypt_rn ", and " crypt_ra
|
||||
+write an
|
||||
.I invalid
|
||||
-hashed passphrase.
|
||||
+hashed passphrase to the
|
||||
+.I output
|
||||
+field of their
|
||||
+.I crypt_data
|
||||
+object, and
|
||||
+.B crypt
|
||||
+writes an invalid hash to its static storage area.
|
||||
This string will be shorter than 13 characters,
|
||||
will begin with a \(oq\fB*\fR\(cq,
|
||||
and will not compare equal to
|
||||
.IR setting .
|
||||
-(This peculiar behavior is for compatibility
|
||||
+.PP
|
||||
+Upon error,
|
||||
+.BR crypt_rn " and " crypt_ra
|
||||
+return a null pointer.
|
||||
+.BR crypt_r " and " crypt
|
||||
+may also return a null pointer,
|
||||
+or they may return a pointer to the invalid hash,
|
||||
+depending on how
|
||||
+.I libcrypt
|
||||
+was configured.
|
||||
+(The option to return the invalid hash is for compatibility
|
||||
with old applications that assume that
|
||||
.B crypt
|
||||
cannot return a null pointer.
|
||||
@@ -222,15 +236,6 @@ See
|
||||
.B "PORTABILITY NOTES"
|
||||
below.)
|
||||
.PP
|
||||
-.B crypt_rn
|
||||
-and
|
||||
-.B crypt_ra
|
||||
-also write an invalid hashed passphrase to the
|
||||
-.I output
|
||||
-field of their
|
||||
-.I crypt_data
|
||||
-object when they fail, but they return a null pointer.
|
||||
-.PP
|
||||
All four functions set
|
||||
.I errno
|
||||
when they fail.
|
||||
diff --git a/test-badsalt.c b/test-badsalt.c
|
||||
index b2743373628b1f3f..3d2e47ac0e7647bd 100644
|
||||
--- a/test-badsalt.c
|
||||
+++ b/test-badsalt.c
|
||||
@@ -222,12 +222,28 @@ check_crypt (const char *label, const char *fn,
|
||||
const char *retval, const char *setting,
|
||||
bool expected_to_succeed)
|
||||
{
|
||||
- /* crypt/crypt_r should never return null */
|
||||
+#if ENABLE_FAILURE_TOKENS
|
||||
+ /* crypt/crypt_r never return null when failure tokens are enabled */
|
||||
if (!retval)
|
||||
{
|
||||
printf ("FAIL: %s/%s/%s: returned NULL\n", label, setting, fn);
|
||||
return false;
|
||||
}
|
||||
+#else
|
||||
+ if (expected_to_succeed && !retval)
|
||||
+ {
|
||||
+ printf ("FAIL: %s/%s/%s: returned NULL\n", label, setting, fn);
|
||||
+ return false;
|
||||
+ }
|
||||
+ else if (!expected_to_succeed && retval)
|
||||
+ {
|
||||
+ printf ("FAIL: %s/%s/%s: returned %p, should be NULL\n",
|
||||
+ label, setting, fn, (const void *)retval);
|
||||
+ return false;
|
||||
+ }
|
||||
+ else if (!expected_to_succeed && !retval)
|
||||
+ return true;
|
||||
+#endif
|
||||
if (!check_results (label, fn, retval, setting,
|
||||
expected_to_succeed))
|
||||
return false;
|
||||
diff --git a/test-crypt-badargs.c b/test-crypt-badargs.c
|
||||
index 0e6af1626a605086..6be24a99ca7f9015 100644
|
||||
--- a/test-crypt-badargs.c
|
||||
+++ b/test-crypt-badargs.c
|
||||
@@ -169,6 +169,14 @@ test_crypt_ra (const char *tag,
|
||||
check (tag, expect, got);
|
||||
}
|
||||
|
||||
+#if ENABLE_FAILURE_TOKENS
|
||||
+# define FT0 "*0"
|
||||
+# define FT1 "*1"
|
||||
+#else
|
||||
+# define FT0 0
|
||||
+# define FT1 0
|
||||
+#endif
|
||||
+
|
||||
/* PAGE should point to PAGESIZE bytes of read-write memory followed
|
||||
by another PAGESIZE bytes of inaccessible memory. */
|
||||
|
||||
@@ -187,55 +195,55 @@ do_tests(char *page, size_t pagesize)
|
||||
size_t i;
|
||||
|
||||
/* When SETTING is null, it shouldn't matter what PHRASE is. */
|
||||
- expect_no_fault ("0.0.crypt", 0, 0, "*0", test_crypt);
|
||||
- expect_no_fault ("0.0.crypt_r", 0, 0, "*0", test_crypt_r);
|
||||
+ expect_no_fault ("0.0.crypt", 0, 0, FT0, test_crypt);
|
||||
+ expect_no_fault ("0.0.crypt_r", 0, 0, FT0, test_crypt_r);
|
||||
expect_no_fault ("0.0.crypt_rn", 0, 0, 0, test_crypt_rn);
|
||||
expect_no_fault ("0.0.crypt_ra", 0, 0, 0, test_crypt_ra);
|
||||
|
||||
- expect_no_fault ("''.0.crypt", "", 0, "*0", test_crypt);
|
||||
- expect_no_fault ("''.0.crypt_r", "", 0, "*0", test_crypt_r);
|
||||
+ expect_no_fault ("''.0.crypt", "", 0, FT0, test_crypt);
|
||||
+ expect_no_fault ("''.0.crypt_r", "", 0, FT0, test_crypt_r);
|
||||
expect_no_fault ("''.0.crypt_rn", "", 0, 0, test_crypt_rn);
|
||||
expect_no_fault ("''.0.crypt_ra", "", 0, 0, test_crypt_ra);
|
||||
|
||||
- expect_no_fault ("ph.0.crypt", phrase, 0, "*0", test_crypt);
|
||||
- expect_no_fault ("ph.0.crypt_r", phrase, 0, "*0", test_crypt_r);
|
||||
+ expect_no_fault ("ph.0.crypt", phrase, 0, FT0, test_crypt);
|
||||
+ expect_no_fault ("ph.0.crypt_r", phrase, 0, FT0, test_crypt_r);
|
||||
expect_no_fault ("ph.0.crypt_rn", phrase, 0, 0, test_crypt_rn);
|
||||
expect_no_fault ("ph.0.crypt_ra", phrase, 0, 0, test_crypt_ra);
|
||||
|
||||
- expect_no_fault ("p1.0.crypt", p1, 0, "*0", test_crypt);
|
||||
- expect_no_fault ("p1.0.crypt_r", p1, 0, "*0", test_crypt_r);
|
||||
+ expect_no_fault ("p1.0.crypt", p1, 0, FT0, test_crypt);
|
||||
+ expect_no_fault ("p1.0.crypt_r", p1, 0, FT0, test_crypt_r);
|
||||
expect_no_fault ("p1.0.crypt_rn", p1, 0, 0, test_crypt_rn);
|
||||
expect_no_fault ("p1.0.crypt_ra", p1, 0, 0, test_crypt_ra);
|
||||
|
||||
- expect_no_fault ("p2.0.crypt", p2, 0, "*0", test_crypt);
|
||||
- expect_no_fault ("p2.0.crypt_r", p2, 0, "*0", test_crypt_r);
|
||||
+ expect_no_fault ("p2.0.crypt", p2, 0, FT0, test_crypt);
|
||||
+ expect_no_fault ("p2.0.crypt_r", p2, 0, FT0, test_crypt_r);
|
||||
expect_no_fault ("p2.0.crypt_rn", p2, 0, 0, test_crypt_rn);
|
||||
expect_no_fault ("p2.0.crypt_ra", p2, 0, 0, test_crypt_ra);
|
||||
|
||||
/* Conversely, when PHRASE is null,
|
||||
it shouldn't matter what SETTING is... */
|
||||
- expect_no_fault ("0.''.crypt", 0, "", "*0", test_crypt);
|
||||
- expect_no_fault ("0.''.crypt_r", 0, "", "*0", test_crypt_r);
|
||||
+ expect_no_fault ("0.''.crypt", 0, "", FT0, test_crypt);
|
||||
+ expect_no_fault ("0.''.crypt_r", 0, "", FT0, test_crypt_r);
|
||||
expect_no_fault ("0.''.crypt_rn", 0, "", 0, test_crypt_rn);
|
||||
expect_no_fault ("0.''.crypt_ra", 0, "", 0, test_crypt_ra);
|
||||
|
||||
- expect_no_fault ("0.'*'.crypt", 0, "*", "*0", test_crypt);
|
||||
- expect_no_fault ("0.'*'.crypt_r", 0, "*", "*0", test_crypt_r);
|
||||
+ expect_no_fault ("0.'*'.crypt", 0, "*", FT0, test_crypt);
|
||||
+ expect_no_fault ("0.'*'.crypt_r", 0, "*", FT0, test_crypt_r);
|
||||
expect_no_fault ("0.'*'.crypt_rn", 0, "*", 0, test_crypt_rn);
|
||||
expect_no_fault ("0.'*'.crypt_ra", 0, "*", 0, test_crypt_ra);
|
||||
|
||||
- expect_no_fault ("0.'*0'.crypt", 0, "*0", "*1", test_crypt);
|
||||
- expect_no_fault ("0.'*0'.crypt_r", 0, "*0", "*1", test_crypt_r);
|
||||
+ expect_no_fault ("0.'*0'.crypt", 0, "*0", FT1, test_crypt);
|
||||
+ expect_no_fault ("0.'*0'.crypt_r", 0, "*0", FT1, test_crypt_r);
|
||||
expect_no_fault ("0.'*0'.crypt_rn", 0, "*0", 0, test_crypt_rn);
|
||||
expect_no_fault ("0.'*0'.crypt_ra", 0, "*0", 0, test_crypt_ra);
|
||||
|
||||
- expect_no_fault ("0.'*1'.crypt", 0, "*1", "*0", test_crypt);
|
||||
- expect_no_fault ("0.'*1'.crypt_r", 0, "*1", "*0", test_crypt_r);
|
||||
+ expect_no_fault ("0.'*1'.crypt", 0, "*1", FT0, test_crypt);
|
||||
+ expect_no_fault ("0.'*1'.crypt_r", 0, "*1", FT0, test_crypt_r);
|
||||
expect_no_fault ("0.'*1'.crypt_rn", 0, "*1", 0, test_crypt_rn);
|
||||
expect_no_fault ("0.'*1'.crypt_ra", 0, "*1", 0, test_crypt_ra);
|
||||
|
||||
- expect_no_fault ("0.p1.crypt", 0, p1, "*0", test_crypt);
|
||||
- expect_no_fault ("0.p1.crypt_r", 0, p1, "*0", test_crypt_r);
|
||||
+ expect_no_fault ("0.p1.crypt", 0, p1, FT0, test_crypt);
|
||||
+ expect_no_fault ("0.p1.crypt_r", 0, p1, FT0, test_crypt_r);
|
||||
expect_no_fault ("0.p1.crypt_rn", 0, p1, 0, test_crypt_rn);
|
||||
expect_no_fault ("0.p1.crypt_ra", 0, p1, 0, test_crypt_ra);
|
||||
|
||||
@@ -245,8 +253,8 @@ do_tests(char *page, size_t pagesize)
|
||||
bug, but it's impractical to fix without breaking the property
|
||||
that 'crypt' _never_ creates a failure token that is equal to the
|
||||
setting string, which is more important than this corner case. */
|
||||
- expect_a_fault ("0.p2.crypt", 0, p2, "*0", test_crypt);
|
||||
- expect_a_fault ("0.p2.crypt_r", 0, p2, "*0", test_crypt_r);
|
||||
+ expect_a_fault ("0.p2.crypt", 0, p2, FT0, test_crypt);
|
||||
+ expect_a_fault ("0.p2.crypt_r", 0, p2, FT0, test_crypt_r);
|
||||
expect_a_fault ("0.p2.crypt_rn", 0, p2, 0, test_crypt_rn);
|
||||
expect_a_fault ("0.p2.crypt_ra", 0, p2, 0, test_crypt_ra);
|
||||
|
||||
@@ -257,9 +265,9 @@ do_tests(char *page, size_t pagesize)
|
||||
strcpy (page, "p1.'");
|
||||
strcat (page, settings[i]);
|
||||
strcat (page, "'.crypt");
|
||||
- expect_a_fault (page, p1, settings[i], "*0", test_crypt);
|
||||
+ expect_a_fault (page, p1, settings[i], FT0, test_crypt);
|
||||
strcat (page, "_r");
|
||||
- expect_a_fault (page, p1, settings[i], "*0", test_crypt_r);
|
||||
+ expect_a_fault (page, p1, settings[i], FT0, test_crypt_r);
|
||||
strcat (page, "n");
|
||||
expect_a_fault (page, p1, settings[i], 0, test_crypt_rn);
|
||||
page [strlen (page) - 1] = 'a';
|
||||
@@ -268,9 +276,9 @@ do_tests(char *page, size_t pagesize)
|
||||
strcpy (page, "p2.'");
|
||||
strcat (page, settings[i]);
|
||||
strcat (page, "'.crypt");
|
||||
- expect_a_fault (page, p2, settings[i], "*0", test_crypt);
|
||||
+ expect_a_fault (page, p2, settings[i], FT0, test_crypt);
|
||||
strcat (page, "_r");
|
||||
- expect_a_fault (page, p2, settings[i], "*0", test_crypt_r);
|
||||
+ expect_a_fault (page, p2, settings[i], FT0, test_crypt_r);
|
||||
strcat (page, "n");
|
||||
expect_a_fault (page, p2, settings[i], 0, test_crypt_rn);
|
||||
page [strlen (page) - 1] = 'a';
|
||||
@@ -279,8 +287,8 @@ do_tests(char *page, size_t pagesize)
|
||||
|
||||
/* Conversely, when PHRASE is valid, passing an invalid string as SETTING
|
||||
should crash reliably. */
|
||||
- expect_a_fault ("ph.p2.crypt", phrase, p2, "*0", test_crypt);
|
||||
- expect_a_fault ("ph.p2.crypt_r", phrase, p2, "*0", test_crypt_r);
|
||||
+ expect_a_fault ("ph.p2.crypt", phrase, p2, FT0, test_crypt);
|
||||
+ expect_a_fault ("ph.p2.crypt_r", phrase, p2, FT0, test_crypt_r);
|
||||
expect_a_fault ("ph.p2.crypt_rn", phrase, p2, 0, test_crypt_rn);
|
||||
expect_a_fault ("ph.p2.crypt_ra", phrase, p2, 0, test_crypt_ra);
|
||||
|
||||
@@ -292,9 +300,9 @@ do_tests(char *page, size_t pagesize)
|
||||
strcpy (page, "ph.'");
|
||||
strcat (page, settings[i]);
|
||||
strcat (page, ".crypt");
|
||||
- expect_a_fault (page, phrase, p1, "*0", test_crypt);
|
||||
+ expect_a_fault (page, phrase, p1, FT0, test_crypt);
|
||||
strcat (page, "_r");
|
||||
- expect_a_fault (page, phrase, p1, "*0", test_crypt_r);
|
||||
+ expect_a_fault (page, phrase, p1, FT0, test_crypt_r);
|
||||
strcat (page, "n");
|
||||
expect_a_fault (page, phrase, p1, 0, test_crypt_rn);
|
||||
page [strlen (page) - 1] = 'a';
|
||||
diff --git a/test-crypt-bcrypt.c b/test-crypt-bcrypt.c
|
||||
index c984e4d47d8df2c6..bf149b405bd408c7 100644
|
||||
--- a/test-crypt-bcrypt.c
|
||||
+++ b/test-crypt-bcrypt.c
|
||||
@@ -194,8 +194,12 @@ main (void)
|
||||
errno = 0;
|
||||
p = crypt (key, setting);
|
||||
errnm = errno;
|
||||
+#if ENABLE_FAILURE_TOKENS
|
||||
match = strcmp (p, hash);
|
||||
- if ((!ok && !errno) || strcmp (p, hash))
|
||||
+#else
|
||||
+ match = (ok ? strcmp (p, hash) : p != 0);
|
||||
+#endif
|
||||
+ if ((!ok && !errno) || match)
|
||||
{
|
||||
printf ("FAIL: %d/crypt.1: key=%s setting=%s: xhash=%s xerr=%d, "
|
||||
"p=%s match=%d err=%s\n",
|
259
SPECS/libxcrypt.spec
Normal file
259
SPECS/libxcrypt.spec
Normal file
@ -0,0 +1,259 @@
|
||||
# Shared object version of libcrypt.
|
||||
%global soc 1
|
||||
%global sol 1
|
||||
%global sof 0
|
||||
%global sov %{soc}.%{sol}.%{sof}
|
||||
|
||||
# Add generation of HMAC checksums of the final stripped
|
||||
# binaries. %%define with lazy globbing is used here
|
||||
# intentionally, because using %%global does not work.
|
||||
%define __spec_install_post \
|
||||
%{?__debug_package:%{__debug_install_post}} \
|
||||
%{__arch_install_post} \
|
||||
%{__os_install_post} \
|
||||
%{_bindir}/fipshmac %{buildroot}/%{_lib}/libcrypt.so.%{sov} \
|
||||
%{__ln_s} .libcrypt.so.%{sov}.hmac \\\
|
||||
%{buildroot}/%{_lib}/.libcrypt.so.%{soc}.hmac \
|
||||
%{nil}
|
||||
|
||||
|
||||
Name: libxcrypt
|
||||
Version: 4.1.1
|
||||
Release: 4%{?dist}
|
||||
Summary: Extended crypt library for DES, MD5, Blowfish and others
|
||||
|
||||
# For explicit license breakdown, see the
|
||||
# LICENSING file in the source tarball.
|
||||
License: LGPLv2+ and BSD and Public Domain
|
||||
URL: https://github.com/besser82/%{name}
|
||||
Source0: %{url}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
|
||||
Patch1: libxcrypt-rh1612157.patch
|
||||
Patch2: libxcrypt-rh1613537.patch
|
||||
|
||||
BuildRequires: fipscheck
|
||||
BuildRequires: libtool
|
||||
|
||||
Requires: glibc%{_isa} >= 2.26.9000-46
|
||||
|
||||
# We do not need to keep this forever.
|
||||
%if 0%{?fedora} && 0%{?fedora} <= 31
|
||||
# Inherited from former libcrypt package.
|
||||
Obsoletes: libcrypt-nss <= 2.26.9000-33
|
||||
|
||||
# Obsolete former libcrypt properly.
|
||||
Obsoletes: libcrypt <= 2.26.9000-46
|
||||
|
||||
# Provide virtual libcrypt as it has been done
|
||||
# by former libcrypt{,-nss} packages from glibc.
|
||||
Provides: libcrypt == 2.26.9000-46.1
|
||||
Provides: libcrypt%{?_isa} == 2.26.9000-46.1
|
||||
%endif
|
||||
|
||||
%description
|
||||
libxcrypt is a modern library for one-way hashing of passwords. It
|
||||
supports DES, MD5, SHA-2-256, SHA-2-512, and bcrypt-based password
|
||||
hashes, and provides the traditional Unix 'crypt' and 'crypt_r'
|
||||
interfaces, as well as a set of extended interfaces pioneered by
|
||||
Openwall Linux, 'crypt_rn', 'crypt_ra', 'crypt_gensalt',
|
||||
'crypt_gensalt_rn', and 'crypt_gensalt_ra'.
|
||||
|
||||
libxcrypt is intended to be used by login(1), passwd(1), and other
|
||||
similar programs; that is, to hash a small number of passwords during
|
||||
an interactive authentication dialogue with a human. It is not
|
||||
suitable for use in bulk password-cracking applications, or in any
|
||||
other situation where speed is more important than careful handling of
|
||||
sensitive data. However, it *is* intended to be fast and lightweight
|
||||
enough for use in servers that must field thousands of login attempts
|
||||
per minute.
|
||||
|
||||
On Linux-based systems, by default libxcrypt will be binary backward
|
||||
compatible with the libcrypt.so.1 shipped as part of the GNU C Library.
|
||||
This means that all existing binary executables linked against glibc's
|
||||
libcrypt should work unmodified with this library's libcrypt.so.1. We
|
||||
have taken pains to provide exactly the same "symbol versions" as were
|
||||
used by glibc on various CPU architectures, and to account for the
|
||||
variety of ways in which the Openwall extensions were patched into
|
||||
glibc's libcrypt by some Linux distributions. (For instance,
|
||||
compatibility symlinks for SuSE's "libowcrypt" are provided.)
|
||||
|
||||
However, the converse is not true: programs linked against libxcrypt
|
||||
will not work with glibc's libcrypt. Also, programs that use certain
|
||||
legacy APIs supplied by glibc's libcrypt ('encrypt', 'encrypt_r',
|
||||
'setkey', 'setkey_r', and 'fcrypt') cannot be compiled against libxcrypt.
|
||||
|
||||
|
||||
%package devel
|
||||
Summary: Development files for %{name}
|
||||
|
||||
Requires: %{name}%{?_isa} == %{version}-%{release}
|
||||
Requires: glibc-devel%{?_isa} >= 2.26.9000-46
|
||||
Requires: glibc-headers%{?_isa} >= 2.26.9000-46
|
||||
Conflicts: man-pages < 4.15-3
|
||||
|
||||
%description devel
|
||||
The %{name}-devel package contains libraries and header files for
|
||||
developing applications that use %{name}.
|
||||
|
||||
|
||||
%package static
|
||||
Summary: Static library for -static linking with %{name}
|
||||
|
||||
Requires: %{name}-devel%{?_isa} == %{version}-%{release}
|
||||
Requires: glibc-static%{?_isa} >= 2.26.9000-46
|
||||
|
||||
%description static
|
||||
This package contains the libxcrypt static libraries for -static
|
||||
linking. You don't need this, unless you link statically, which
|
||||
is highly discouraged.
|
||||
|
||||
|
||||
%prep
|
||||
%autosetup -p 1
|
||||
%{_bindir}/autoreconf -fiv
|
||||
|
||||
|
||||
%build
|
||||
%configure \
|
||||
--libdir=/%{_lib} \
|
||||
--disable-silent-rules \
|
||||
--enable-shared \
|
||||
--enable-static \
|
||||
--disable-failure-tokens \
|
||||
--enable-hashes=all \
|
||||
--enable-obsolete-api=glibc \
|
||||
--with-pkgconfigdir=%{_libdir}/pkgconfig
|
||||
%make_build
|
||||
|
||||
|
||||
%install
|
||||
%make_install
|
||||
|
||||
# Get rid of libtool crap.
|
||||
%{_bindir}/find %{buildroot} -name '*.la' -print -delete
|
||||
|
||||
# Install documentation to shared %%_pkgdocdir.
|
||||
%{__install} -Dpm 0644 -t %{buildroot}%{_pkgdocdir} \
|
||||
ChangeLog NEWS README THANKS TODO
|
||||
|
||||
|
||||
%check
|
||||
%make_build check || \
|
||||
{
|
||||
rc=$?;
|
||||
echo "-----BEGIN TESTLOG-----";
|
||||
%{__cat} test-suite.log;
|
||||
echo "-----END TESTLOG-----";
|
||||
exit $rc;
|
||||
}
|
||||
|
||||
|
||||
%ldconfig_scriptlets
|
||||
|
||||
|
||||
%files
|
||||
%license AUTHORS COPYING.LIB LICENSING
|
||||
%doc %dir %{_pkgdocdir}
|
||||
%doc %{_pkgdocdir}/NEWS
|
||||
%doc %{_pkgdocdir}/README
|
||||
%doc %{_pkgdocdir}/THANKS
|
||||
/%{_lib}/.libcrypt.so.%{soc}.hmac
|
||||
/%{_lib}/.libcrypt.so.%{sov}.hmac
|
||||
/%{_lib}/libcrypt.so.%{soc}
|
||||
/%{_lib}/libcrypt.so.%{sov}
|
||||
%{_mandir}/man5/crypt.5.*
|
||||
|
||||
|
||||
%files devel
|
||||
%doc %{_pkgdocdir}/ChangeLog
|
||||
%doc %{_pkgdocdir}/TODO
|
||||
/%{_lib}/libcrypt.so
|
||||
%{_includedir}/crypt.h
|
||||
%{_libdir}/pkgconfig/libcrypt.pc
|
||||
%{_libdir}/pkgconfig/%{name}.pc
|
||||
%{_mandir}/man3/crypt.3.*
|
||||
%{_mandir}/man3/crypt_r.3.*
|
||||
%{_mandir}/man3/crypt_ra.3.*
|
||||
%{_mandir}/man3/crypt_rn.3.*
|
||||
%{_mandir}/man3/crypt_gensalt.3.*
|
||||
|
||||
%files static
|
||||
/%{_lib}/libcrypt.a
|
||||
|
||||
|
||||
%changelog
|
||||
* Wed Aug 8 2018 Florian Weimer <fweimer@redhat.com> - 4.1.1-4
|
||||
- Move development panpages to libxcrypt-devel (#1613824)
|
||||
|
||||
* Wed Aug 8 2018 Florian Weimer <fweimer@redhat.com> - 4.1.1-3
|
||||
- Change crypt, crypt_r to return NULL on failure (#1613537)
|
||||
|
||||
* Wed Aug 8 2018 Florian Weimer <fweimer@redhat.com> - 4.1.1-2
|
||||
- Add manpages aliases for crypt, crypt_r, crypt_ra (#1612157)
|
||||
|
||||
* Wed Aug 01 2018 Björn Esser <besser82@fedoraproject.org> - 4.1.1-1
|
||||
- New upstream release
|
||||
|
||||
* Fri Jul 13 2018 Björn Esser <besser82@fedoraproject.org> - 4.1.0-1
|
||||
- New upstream release
|
||||
|
||||
* Fri Jul 13 2018 Björn Esser <besser82@fedoraproject.org> - 4.0.1-6
|
||||
- Make testsuite fail on error again
|
||||
- Update patch0 with more upstream fixes
|
||||
|
||||
* Fri Jul 13 2018 Björn Esser <besser82@fedoraproject.org> - 4.0.1-5
|
||||
- Add patch to update to recent development branch
|
||||
- Re-enable SUNMD5 support as it is BSD licensed now
|
||||
- Build compatibility symbols for glibc only
|
||||
- Skip failing testsuite once
|
||||
|
||||
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 4.0.1-4
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||
|
||||
* Fri Jun 29 2018 Florian Weimer <fweimer@redhat.com> - 4.0.1-3
|
||||
- Remove CDDL from license list (#1592445)
|
||||
|
||||
* Fri Jun 29 2018 Florian Weimer <fweimer@redhat.com> - 4.0.1-2
|
||||
- Remove SUNMD5 support (#1592445)
|
||||
|
||||
* Wed May 16 2018 Björn Esser <besser82@fedoraproject.org> - 4.0.1-1
|
||||
- New upstream release
|
||||
|
||||
* Sat Feb 17 2018 Björn Esser <besser82@fedoraproject.org> - 4.0.0-5
|
||||
- Switch to %%ldconfig_scriptlets
|
||||
|
||||
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 4.0.0-4
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
||||
|
||||
* Thu Feb 01 2018 Björn Esser <besser82@fedoraproject.org> - 4.0.0-3
|
||||
- Add patch to fix unintialize value in badsalt test
|
||||
|
||||
* Wed Jan 31 2018 Björn Esser <besser82@fedoraproject.org> - 4.0.0-2
|
||||
- Add patch to fix bcrypt test with GCC8
|
||||
|
||||
* Sat Jan 27 2018 Björn Esser <besser82@fedoraproject.org> - 4.0.0-1
|
||||
- New upstream release
|
||||
|
||||
* Mon Jan 22 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 4.0.0-0.204.20180120git3436e7b
|
||||
- Fix Obsoletes
|
||||
|
||||
* Sat Jan 20 2018 Björn Esser <besser82@fedoraproject.org> - 4.0.0-0.203.20180120git3436e7b
|
||||
- Update to new snapshot fixing cast-align
|
||||
|
||||
* Sat Jan 20 2018 Björn Esser <besser82@fedoraproject.org> - 4.0.0-0.202.20180120gitde99d27
|
||||
- Update to new snapshot (rhbz#1536752)
|
||||
|
||||
* Sat Jan 20 2018 Björn Esser <besser82@fedoraproject.org> - 4.0.0-0.201.20171109git15447aa
|
||||
- Use archful Obsoletes for libcrypt
|
||||
- Add versioned Requires on glibc packages not shipping libcrypt
|
||||
- Add comments about the packaging logic for replacing former libcrypt
|
||||
|
||||
* Fri Jan 12 2018 Björn Esser <besser82@fedoraproject.org> - 4.0.0-0.200.20171109git15447aa
|
||||
- Initial import (rhbz#1532794)
|
||||
- Add Obsoletes/Provides for libcrypt
|
||||
|
||||
* Wed Jan 10 2018 Björn Esser <besser82@fedoraproject.org> - 4.0.0-0.101.20171109git15447aa
|
||||
- Fix style of %%git_{rel,ver}
|
||||
|
||||
* Tue Jan 09 2018 Björn Esser <besser82@fedoraproject.org> - 4.0.0-0.100.git20171109.15447aa
|
||||
- Initial rpm release (rhbz#1532794)
|
||||
- Start revision at 0.100 to superseed builds from COPR
|
Loading…
Reference in New Issue
Block a user